Penetration Testing mailing list archives

Re: gotomypc

From: "Rainer Duffner" <rainer () ultra-secure de>
Date: Sun, 10 Mar 2002 14:05:42 GMT

kevin mckay writes:

Has anybody dealt with the services from https://www.gotomypc.com it
seems to allow end users to completely circumvent an existing network
security infrastructure.


I think that is just one of several ones:

http://directory.google.com/Top/Computers/Security/Internet/Privacy/Tools_and_Services/

Though not all will do the same.
Most notably, to me, is htthost/httport:

http://www.htthost.com/

The user signs up with gotomypc and establishes a out bound connection
through the firewall to a go to my pc server, then there server listens
for a connection that is connected to your internal network
and the scariest thing is that the listining ports for inbound
connections are on a gotomypcserver so how would you even audit?.


Once the tunnel is encrypted, there are not many options left:
- blackhole the relevant IP-adresses -> this becomes futile once users
 use htthost on one of their home DSL-lines
- run spyware (SMS etc) on the client-pc and employe an armada of
 tech-support people to periodically check every employee-PC for what
 the user has running. -> this will probably boost the economy and get you
 bonus-points from HR and upper management
- try to lock down the client-configuration to up the ante for the
 employees -> helps until someone has found a way to circumvent it, until
 then it might even annoy the honest users
- install host-based IDS -> mitigates break-ins that can occur and helps

pin-down the individual in case

Finally:
- admit it is a social problem, that cannot be totally dealt with

technology only.



cheers,
Rainer
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner                   Munich
rainer () ultra-secure de          Germany
http://www.i-duffner.de        Freising
========================================
   When shall we three meet again
 In thunder, lightning, or in rain?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

gotomypc kevin mckay (Mar 09)
- Re: gotomypc R. DuFresne (Mar 10)
- Re: gotomypc R. DuFresne (Mar 10)
- Re: gotomypc Rainer Duffner (Mar 10)
- <Possible follow-ups>
- Re: gotomypc Ken . Williams (Mar 11)